IN THE UNITED STATES PATENT AND TRADEMARK OFFICE

In re PATENT APPLICATION of

EINOLA, Heikki et al

Atty Dkt.: 276663/2990235US/SML

Appln. No.:

Group Art Unit:

Filed: HEREWITH

Examiner:

Title: ARRANGING AUTHENTICATION AND CIPHERING IN MOBILE
COMMUNICATION SYSTEM



Hon. Commissioner of Patents 

and Trademarks Office 
Washington, D.C. 20231 

Sir:

Please amend this application as follows: 
IN THE CLAIMS: 

Claim 3, line 1, delete "or 2"

Claims 4, 6, 7, 8 and 11, line 1, change "any one of
the preceding claims" to --claim 1--

Claims 9 & 10, line 1, change "any one of claims 1
to 7" to --claim 1--



* * *

Date: February 1, 2001

PRELIMINARY AMENDMENT

Claim 14, line 1, delete "or 13"

Claim 15, lines 1 & 2, change "any one of claims
12 to 14" to --claim 12--

Claim 16, lines 1 & 2, change "any one of claims
12 to 15" to --claim 12--

Claims 17 & 18, lines 1 & 2, change "any one of
claims 12 to 16" to --claim 12--



Respectfully submitted,
PILLSBURY WINTHROP LLP

Richard C. Irving
Reg. No. 38,499
Tel. No.: (202) 861-3788
Fax No.: (202) 822-0944

RCI/mhn

1100 New York Avenue, N.W.
Ninth Floor
Washington, D.C. 20005-3918
(202) 861-3000

09/762051

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

In re Patent Application of 

EINOLA et al.

Group Art Unit: Not Yet Assigned

Appln. No.: 09/762,051

Examiner: Not Yet Assigned

Filed: February 1, 2001

Title: ARRANGING AUTHENTICATION AND CIPHERING IN MOBILE
COMMUNICATION SYSTEMS (AS AMENDED)

***** 

June 20, 2001 

SUPPLEMENTAL PRELIMINARY AMENDMENT 

Hon. Commissioner of Patents 
Attn: Applications Branch 
Washington, D.C. 20231 

Sir: 

Supplemental to the Preliminary Amendment filed February 1, 2001 and prior to 
initial examination on the merits, please amend the above-identified application as follows: 
IN THE TITLE:

Please delete the present title and replace it with the following new title: -- 
ARRANGING AUTHENTICATION AND CIPHERING IN MOBILE COMMUNICATION 
SYSTEMS --. 



IN THE CLAIMS:

Please enter the following amended claims: 

1. (Amended) A method of arranging data protection in a telecommunication system
including a first mobile communication network, a second mobile communication network,
and a mobile station supporting both of the mobile communication networks, the method
comprising:

ciphering traffic between the mobile station and the first mobile communication
network using a first cipher key; 

calculating a second cipher key to be used for ciphering traffic between the mobile 
station and the second mobile communication network in the first mobile communication 
network when the mobile station operates in the first mobile communication network; 

transmitting information necessary for calculating the second cipher key from the first 
mobile communication network to the mobile station when the mobile station operates in the 
first mobile communication network; and 

calculating the second cipher key at the mobile station to be used for ciphering traffic 
between the mobile station and the second mobile communication network. 

2. (Amended) The method of claim 1, further comprising:

ciphering the traffic between the mobile station and the second mobile
communication network using the second cipher key if the mobile station is handed over
from the first mobile communication network to the second mobile communication network
during an active connection.

3. (Amended) The method of claim 1, further comprising: 

transmitting the second cipher key from the first mobile communication network to 
the second mobile communication network; 

transmitting the second cipher key calculated at the mobile station to a ciphering 
module of the mobile station in response to a request from the first mobile communication 
network to handover to the second mobile communication network; and 

ciphering traffic between the mobile station and the second mobile communication 
network using the second cipher key after handover is complete.

4. (Twice Amended) The method of claim 1, further comprising:

determining, in the first mobile communication network, whether the mobile station 
supports the second mobile communication network; 

calculating the second cipher key in the first mobile communication network in 
response to a determination that the mobile station supports the second mobile 
communication network; 

transmitting a request for calculation of the second cipher key from the first mobile 
communication network to the mobile station; and 

calculating the second cipher key at the mobile station in response to the request for 
calculation of the second cipher key. 

5. (Amended) The method of claim 4, wherein the second cipher key is calculated in 
the first mobile communication network when an identifier transmitted by the mobile station 
indicates that the mobile station supports the second mobile communication network. 

6. (Twice Amended) The method of claim 1, further comprising: 

calculating the second cipher key at a first element in the first mobile communication 
network in response to a request from a second element of the first mobile communication 
network, the second element including identifiers transmitted by the mobile station, and 

transmitting the second cipher key from the first element to the second element. 

7. (Twice Amended) The method of claim 1, wherein the mobile station includes a
USIM application for the first mobile communication network and a subscriber identification
SIM application for the second mobile communication network, the method further
comprising: 

transmitting information necessary to calculate the second cipher key received by the 
mobile station to the SIM application, 

8. (Twice Amended) The method of claim 7, further comprising: 

calculating the second cipher key in the first mobile communication network in 
connection with calculating an authentication response for the first mobile communication 
network and the first cipher key; 

transmitting the information necessary for calculating the first cipher key and the 
second cipher key, such as a random-number parameter, from the first mobile communication 
network to the mobile station; 

transmitting the necessary information for calculating the first and second cipher keys 
from the mobile station to the subscriber identification applications for the first and the 
second mobile communication networks; 

calculating the second cipher key in the subscriber identification application for the 
second mobile communication network and calculating the authentication response in the 
subscriber identification application for the first mobile communication network; 

transmitting the authentication response for the first mobile communication network 
from the mobile station to the first mobile communication network; and 

acknowledging the authentication of the mobile station in the second mobile 
communication network in response to the first mobile communication network accepting the 
authentication response transmitted by the mobile station.

9. (Twice Amended) The method of claim 7, further comprising: 

determining a random-number parameter and calculating an authentication response 
for the second mobile communication network in connection with calculating the second 
cipher key in the first mobile communication network; 

transmitting a request for calculating an authentication response for the second mobile 
communication network to the mobile station; 

transmitting the information necessary for calculating the second cipher key from the 
mobile station to the subscriber identification SIM application; 

calculating the authentication response for the second mobile communication network 
in connection with calculating said second cipher key using the subscriber identification SIM 
application module; 

transmitting the authentication response for the second mobile communication 
network that is calculated at the mobile station to the first mobile communication network; 
and 

checking said authentication response according to the second mobile communication 
network transmitted by the mobile station in the first mobile communication network. 

10. (Twice Amended) The method of claim 1, wherein the second cipher key is 
calculated by shortening the first cipher key in the first mobile communication network, and 
at the mobile station, before a handover to the second mobile communication network takes 
place. 

11. (Twice Amended) The method of claim 1, wherein the second cipher key is 
calculated in response to a decision in the first mobile communication network to carry out a 
handover to the second mobile communication network.

12. (Amended) A telecommunication system comprising:

a first mobile communication network configured to use a first cipher key for 
ciphering traffic between a mobile station and the first mobile communication network; 

a second mobile communication network configured to use a second cipher key for 
ciphering traffic between a mobile station and the second mobile communication network; 
and 

a mobile station configured to support said different first and second mobile 
communication networks, 

wherein the first mobile communication network is configured to calculate the second 
cipher key when the mobile station operates in the first mobile communication network, and 
the first mobile communication network is configured to transmit information necessary for 
calculating the second cipher key from the first mobile communication network to the mobile 
station when the mobile station operates in the first mobile communication network, and the 
mobile station is configured to calculate said second cipher key. 

13. (Amended) The telecommunication system of claim 12, wherein the mobile 
station and the second mobile communication network are configured to cipher traffic 
between the mobile station and the second mobile communication network using the second 
cipher key if the mobile station is handed over from the first mobile communication network 
to the second mobile communication network during an active connection.

14. (Twice Amended) The telecommunication system of claim 12, wherein

the first mobile communication network is configured to transmit the second cipher 
key to the second mobile communication network before a handover to the second mobile 
communication network, 

the mobile station is configured to transmit said second cipher key calculated at the 
mobile station to a ciphering means of the mobile station in response to the first mobile 
communication network transmitting a request to the mobile station for handover to the 
second mobile communication network, and 

the mobile station and the second mobile communication network are configured to 
cipher traffic after the handover using the second cipher key. 

15. (Twice Amended) The telecommunication system of claim 12, wherein

the first mobile communication network is configured to determine whether the
mobile station supports the second mobile communication network based on an identifier
transmitted by the mobile station,

the first mobile communication network is configured to calculate the second cipher 
key in response to a determination that the mobile station supports the second mobile 
communication network, 

the first mobile communication network is configured to transmit a request to the 
mobile station for calculation of the second cipher key, and 

the mobile station is configured to calculate said second cipher key based on the 
request from the first mobile communication network. 

16. (Twice Amended) The telecommunication system of claim 12, further
comprising:

a first element of the first mobile communication network configured to receive the
request for calculation of the second cipher key from a second element of the first mobile 
communication network configured to store identifiers transmitted by the mobile station of 
the first mobile communication network, 

wherein the first element is configured to calculate the second cipher key in response 
to the request from the second element, and the first element is configured to transmit the 
calculated second cipher key to the second element. 

17. (Twice Amended) The telecommunication system of claim 12, wherein

the first mobile communication network is configured to calculate the second cipher 
key in connection with calculation of an authentication response associated with the first 
mobile communication network and the first cipher key, 

the first mobile communication network is configured to transmit to the mobile station 
information necessary for calculating the first cipher key and the second cipher key, such as a 
random-number parameter, 

the mobile station includes a USIM identification application for the first mobile 
communication network and a SIM identification application for the second mobile 
communication network, 

the mobile station is configured to transmit the information necessary for calculating 
the first cipher key and the second cipher key to the identification applications for the first 
and the second mobile communication networks, 

the SIM identification application is configured to calculate the second cipher key, 

the USIM identification application is configured to calculate the authentication
response for the first mobile communication network, and

the mobile station is configured to transmit the authentication response for the first
mobile communication network to the first mobile communication network.

18. (Twice Amended) The telecommunication system of claim 12, wherein

the first mobile communication network is configured to determine a random-number
parameter for the second mobile communication network and to calculate the authentication
response in connection with calculating the second cipher key,

the first mobile communication network is configured to transmit a request to the
mobile station to calculate an authentication response for the second mobile communication
network,

the mobile station includes a USIM identification application for the first mobile 
communication network and a SIM identification application for the second mobile 
communication network, 

the mobile station is configured to transmit the information necessary to calculate the 
second cipher key to the SIM identification application for the second mobile communication 
network, 

the SIM identification application for the second mobile communication network is 
configured to calculate the second cipher key and the authentication response for the second 
mobile communication network substantially simultaneously, 

the mobile station is configured to transmit the authentication response for the second 
mobile communication network to the first mobile communication network, and 

the first mobile communication network is configured to check the authentication 
response for the second mobile communication network. 

Please enter the following new claims:

--19. (New) A network part in a first mobile communication network configured to
use a first cipher key for ciphering traffic between the first mobile communication network 
and the mobile station, wherein the network part is configured to calculate, as the mobile 
station operates in the first mobile network, a second cipher key to be used for ciphering in a 
second mobile communication network, 

the network part is further configured to transmit information necessary for 
calculating the second cipher key from the first mobile communication network to the mobile 
station, 

and wherein the network part is also further configured to transmit the second cipher 
key to the second mobile communication network. 

20. (New) A mobile station configured to support a first mobile communication 
network and a second mobile communication network, wherein 

the mobile station is configured to cipher traffic between the mobile station and the 
first mobile communication network using a first cipher key when the mobile station operates 
in the first mobile communication network, 

the mobile station is further configured to receive from the first mobile 
communication network information necessary for calculating a second cipher key to be used 
for ciphering traffic between the mobile station and the second mobile communication 
network, 

the mobile station is further configured to calculate the second cipher key, and

the mobile station is also further configured to cipher traffic between the mobile
station and the second mobile communication network using the second cipher key if the
mobile station is handed over from the first mobile communication network to the second
mobile communication network.--

REMARKS

Claims 1-20 are pending in this application. By this Amendment, claims 1-18 are 
amended to merely clarify the recited subject matter, and new claims 19-20 are introduced to 
protect additional aspects of the invention. No new matter is added by this Amendment 
because the claim amendments and new claims are fully supported by the originally filed 
specification and claims. 

Attached hereto is a marked-up version of the changes made to the claims by the 
current Amendment. The attached Appendix is captioned "VERSION WITH MARKINGS 
TO SHOW CHANGES MADE" . 

Prompt examination and favorable consideration on the merits are respectfully
requested.

Respectfully submitted,

PILLSBURY WINTHROP LLP

Christine H. McCarthy
Reg. No. 41,844
Tel. No.: (703) 905-2143
Fax No.: (703) 905-2500

CHM/AM

1600 Tysons Boulevard
McLean, VA 22102
(703) 905-2000

Enclosure: Appendix

APPENDIX

VERSION WITH MARKINGS TO SHOW CHANGES MADE 
IN THE TITLE: 

Please delete the pending title and replace it with the following title: --ARRANGING
AUTHENTICATION AND CIPHERING IN MOBILE COMMUNICATION SYSTEMS--.

IN THE CLAIMS: 

1. (Amended) A method of arranging data protection in a telecommunication system
[comprising] including a first mobile communication network [wherein a first cipher key is
used for ciphering traffic between a mobile station and a mobile communication network], a
second mobile communication network [wherein a second cipher key is used for ciphering
traffic between a mobile station and a mobile communication network], and a mobile station
supporting both of [said] the mobile communication networks, [characterized by]
the method comprising:

ciphering traffic between the mobile station and the first mobile communication
network using a first cipher key;

calculating [said] a second cipher key to be used for ciphering traffic between the
mobile station and the second mobile communication network in the first mobile
communication network when the mobile station operates in the first mobile communication
network[,];

transmitting information necessary for calculating [said] the second cipher key from
the first mobile communication network to the mobile station when the mobile station
operates in the first mobile communication network[,]; and

calculating [said] the second cipher key at the mobile station to be used for ciphering
traffic between the mobile station and the second mobile communication network.

2. (Amended) [A method as claimed in] The method of claim 1,
[characterized by] further comprising:

[using said second cipher key for] ciphering the traffic between the mobile station and
the second mobile communication network using the second cipher key if the mobile station
is handed over from the first mobile communication network to the second mobile
communication network during an active connection.

3. (Amended) [A method as claimed in] The method of claim 1, 
[characterized by] further comprising: 

transmitting [said] the second cipher key from the first mobile communication 
network to the second mobile communication network[,]; 

transmitting [said] the second cipher key calculated at the mobile station to a 
ciphering [means] module of the mobile station in response to [the fact that the first mobile 
communication network transmits a request to the mobile station for handover to the second 
mobile communication network] a request from the first mobile communication network to
handover to the second mobile communication network; and

[using said second cipher key in] ciphering traffic [after the handover in the mobile
station and in the second mobile communication network] between the mobile station and the
second mobile communication network using the second cipher key after handover is
complete.

4. (Twice Amended) [A method as claimed in] The method of claim 1, 
[characterized by] further comprising:

[checking] determining, in the first mobile communication network, whether the
mobile station supports the second mobile communication network[,];

calculating [said] the second cipher key in the first mobile communication network in
response to [the fact that] a determination that the mobile station supports the second mobile
communication network;[,]

transmitting a request for calculation of [said] the second cipher key from the first
mobile communication network to the mobile station[,]; and

calculating [at the mobile station said] the second cipher key at the mobile station in
response to [said] the request for calculation of the second cipher key,

5. (Amended) [A method as claimed in] The method of claim 4, 
[characterized by] wherein [calculating said] the second cipher key is calculated in
the first mobile communication network [in response to the fact that] when an identifier
transmitted by the mobile station[, such as an IMSI subscriber identifier, and/or a classmark
identifier indicate] indicates that the mobile station supports the second mobile
communication network. 

6. (Twice Amended) [A method as claimed] The method of claim 1, 
[characterized by] further comprising:

calculating [said] the second cipher key at a [network] first element in the first mobile 
communication network[, such as an authentication centre,] in response to [the fact that a 
network element of the first mobile communication network, such as a visitor location 
register or a home location register, comprising identifiers transmitted by the mobile station 
requests calculation of said second cipher key] a request from a second element of the first
mobile communication network, the second element including identifiers transmitted by the
mobile station, and

transmitting [said] the second cipher key from [said network] the first element 
[calculating the cipher key] to [said] the second [network] element [comprising the identifiers 
transmitted by the mobile station]. 

7. (Twice Amended) [A method as claimed in] The method of claim 1, 
[characterized by] wherein the mobile station [comprising] includes a [subscriber
identification] USIM application[, such as a USIM application, to] for the first mobile
communication network and a subscriber identification SIM application[, such as an SIM
application, to] for the second mobile communication network, the method further
comprising: 

transmitting [the] information necessary [for calculating said] to calculate the second 
cipher key received by the mobile station to the [identification] SIM application [according to 
the second mobile communication network], 

8. (Twice Amended) [A method as claimed in] The method of claim [1] 7, 
[characterized by] further comprising: 

calculating [said] the second cipher key in the first mobile communication network in 
connection with calculating an authentication response [according to] for the first mobile 
communication network and the first cipher key[,]; 

transmitting the information necessary for calculating the first cipher key and [said] 
the second cipher key, such as a random-number parameter, from the first mobile 
communication network to the mobile station[,];

transmitting the necessary information [at the mobile station] for calculating [said] the
first and second cipher keys from the mobile station to the subscriber identification 
applications [according to] for the first and the second mobile communication networks[,]; 

calculating [said] the second cipher key in the subscriber identification application 
[according to] for the second mobile communication network and calculating the 
authentication response in the subscriber identification application [according to] for the first 
mobile communication network[,]; 

transmitting [said] the authentication response [according to] for the first mobile 
communication network from the mobile station to the first mobile communication 
network[,]; and

acknowledging the authentication of the mobile station [to be performed for] in the 
second mobile communication network in response to [the fact that] the first mobile 
communication network [accepts] accepting the authentication response transmitted by the 
mobile station. 

9. (Twice Amended) [A method as claimed in] The method of claim [1] 7, 
[characterized by] further comprising: 

determining a random-number parameter and calculating [the] an authentication 
response [according to] for the second mobile communication network in connection with 
calculating [said] the second cipher key in the first mobile communication network[,]; 

transmitting a request [to the mobile station] for [calculation of an] calculating an
authentication response [according to] for the second mobile communication network to the
mobile station[,];

transmitting the information necessary [at the mobile station] for calculating [said] the
second cipher key from the mobile station to the subscriber identification SIM application
[according to the second mobile communication network];[,]

calculating[, in the identification application according to the second mobile
communication network,] the authentication response [according to] for the second mobile
communication network in connection with calculating said second cipher key using the
subscriber identification SIM application module;[,]

transmitting the authentication response [according to] for the second mobile
communication network that is calculated at the mobile station to the first mobile
communication network[,]; and

checking said authentication response according to the second mobile communication 
network transmitted by the mobile station in the first mobile communication network. 

10. (Twice Amended) [A method as claimed in] The method of claim 1, 
[characterized by] wherein [calculating said] the second cipher key is calculated by
shortening the first cipher key in the first mobile communication network, and at the mobile
station before [the] a handover to the second mobile communication network takes place.

11. (Twice Amended) [A method as claimed in] The method of claim 1,
[characterized by] wherein [calculating said] the second cipher key is calculated in 
response to [the fact that a decision has been made in the first mobile communication 
network] a decision in the first mobile communication network to carry out a handover to the 
second mobile communication network. 

12. (Amended) A telecommunication system comprising: [at least]

a first mobile communication network [arranged] configured to use a first cipher key
for ciphering traffic between a mobile station and [a] the first mobile communication
network;[,]

a second mobile communication network [arranged] configured to use a second cipher
key for ciphering traffic between a mobile station and [a] the second mobile communication
network[,]; and

a mobile station [arranged] configured to support said different first and second 
mobile communication networks, [characterized in that] 

wherein the first mobile communication network is [arranged] configured to calculate 
[said] the second cipher key when the mobile station operates in the first mobile 
communication network, and the first mobile communication network is [arranged] 
configured to transmit information necessary for calculating [said] the second cipher key 
from the first mobile communication network to the mobile station when the mobile station 
operates in the first mobile communication network, and the mobile station is [arranged] 
configured to calculate said second cipher key. 

13. (Amended) [A] The telecommunication system [as claimed in] of claim 12, 
[characterized in that] wherein the mobile station and the second mobile 
communication network are [arranged] configured to cipher [the] traffic between the mobile 
station and the second mobile communication network [by] using [said] the second cipher 
key if the mobile station is handed over from the first mobile communication network to the 
second mobile communication network during an active connection. 

14. (Twice Amended) [A] The telecommunication system [as claimed in] of claim 
12, [characterized in that] wherein

the first mobile communication network is [arranged] configured to transmit [said] the
second cipher key to the second mobile communication network before [the] a handover to 
the second mobile communication network, 

the mobile station is [arranged] configured to transmit said second cipher key 
calculated at the mobile station to a ciphering means of the mobile station in response to [the 
fact that] the first mobile communication network [transmits] transmitting a request to the 
mobile station for handover to the second mobile communication network, and 

the mobile station and the second mobile communication network are [arranged] 
configured to cipher [use said second cipher key in ciphering] traffic after the handover using 
the second cipher key.

15. (Twice Amended) [A] The telecommunication system [as claimed in any one] of 
claim 12, [characterized in that] wherein 

the first mobile communication network is [arranged] configured to [check] determine 
whether the mobile station supports the second mobile communication network based on [the 
basis of] an identifier transmitted by the mobile station[, such as an IMSI and/or a classmark 
identifier], 

the first mobile communication network is [arranged] configured to calculate [said] 
the second cipher key in response to [the fact] a determination that the mobile station 
supports the second mobile communication network, 

the first mobile communication network is [arranged] configured to transmit a request 
to the mobile station for calculation of [said] the second cipher key, and 

the mobile station is [arranged] configured to calculate said second cipher key based 
on the [basis of said] request from the first mobile communication network. 

16. (Twice Amended) [A] The telecommunication system [as claimed in] of claim 
12, [characterized in that] further comprising: 

a first element of the first mobile communication network configured to receive the 
request for calculation of the second cipher key from a second [network] element 
[comprising] of the first mobile communication network configured to store identifiers 
transmitted by the mobile station of the first mobile communication network[, such as a 
visitor location register or a home location register, is arranged to transmit the request for 
calculation of said second cipher key to a network element of the first mobile communication 
network, such as an authentication centre], 

wherein the first [network] element [of the first mobile communication network, such as the 
authentication centre,] is [arranged] configured to calculate [said] the second cipher key in 
response to [the fact that the network element comprising the identifiers transmitted by the 
mobile station requests calculation of said second cipher key] the request from the second 
element, and [said] the first [network] element [calculating said second cipher key] is 
[arranged] configured to transmit the calculated second cipher key to [said] the second 
[network] element [comprising the identifiers transmitted by the mobile station]. 

17. (Twice Amended) [A] The telecommunication system [as claimed in] of claim 12, 
[characterized in that] wherein 

the first mobile communication network is [arranged] configured to calculate [said] 
the second cipher key in connection with calculation of an authentication response [according 
to] associated with the first mobile communication network and the first cipher key, 

the first mobile communication network is [arranged] configured to transmit to the 
mobile station information necessary for calculating the first cipher key and [said] the second 
cipher key, such as a random-number parameter, 

the mobile station [comprises] includes [an] a USIM identification application 
[according to] for the first mobile communication network[, such as a USIM application,] and 
[an] a SIM identification application [according to] for the second mobile communication 
network, [such as an SIM application,] 

the mobile station is [arranged] configured to transmit [said] the information 
necessary for calculating the first cipher key and [said] the second cipher key to the 
identification applications [according to] for the first and the second mobile communication 
networks, 

[said] the SIM identification application [according to the second mobile 
communication network] is [arranged] configured to calculate [said] the second cipher key, 
[and] 

[said] the USIM identification application [according to the first mobile 
communication network] is [arranged] configured to calculate the authentication response 
[according to] for the first mobile communication network, and 

the mobile station is [arranged] configured to transmit the authentication response 
[according to] for the first mobile communication network to the first mobile communication 
network. 

18. (Twice Amended) [A] The telecommunication system [as claimed in] of claim 12, 
[characterized in that] wherein 

the first mobile communication network is [arranged] configured to determine a 
random-number parameter [according to] for the second mobile communication network and 
to calculate the authentication response in connection with calculating [said] the second 
cipher key, 

the first mobile communication network is [arranged] configured to transmit a request 
to the mobile station [for calculating the] to calculate an authentication response [according 
to] for the second mobile communication network, 

the mobile station [comprises] includes a USIM [an] identification application 
[according to] for the first mobile communication network[, such as a USIM application,] and 
[an] a SIM identification application [according to] for the second mobile communication 
network[, such as an SIM application], 

the mobile station is [arranged] configured to transmit the information necessary [for 
calculating said] to calculate the second cipher key to the SIM identification application 
[according to] for the second mobile communication network, 

the SIM identification application [according to] for the second mobile 
communication network is [arranged] configured to calculate [said] the second cipher key 
and the authentication response [according to] for the second mobile communication network 
substantially simultaneously, 

the mobile station is [arranged] configured to transmit the authentication response 
[according to] for the second mobile communication network to the first mobile 
communication network, and 

the [second] first mobile communication network is [arranged] configured to check 
the authentication response [according to] for the second mobile communication network. 

ARRANGING AUTHENTICATION AND CIPHERING IN MOBILE COMMUNICATION SYSTEM

BACKGROUND OF THE INVENTION 

The invention relates to a method and an arrangement for arranging 
data protection disclosed in the preambles of the independent claims. 

In mobile communication systems, at least one part of a transmission path is
comprised of a wireless section, whereby data transmission takes place via a
radio path. A radio path is a physically open resource, which puts security at
risk. Various solutions have been developed in digital mobile communication
systems to arrange data protection, including ciphering methods and methods
for identifying, i.e. authenticating, a user or a subscriber.

In mobile communications systems, a mobile network typically carries out
subscriber authentication in order to make sure that only correct parties have
an access right. For example, a mobile station in a digital GSM system
comprises a subscriber identity module SIM application comprising means for
authenticating the subscriber. The SIM application further uses a personal
identity number PIN check, whereby only the person who knows the PIN code can
use the SIM application. In authentication, the mobile station transmits to
the GSM network identification information, and the SIM and thus also the
subscriber are authenticated on the basis of this information. The SIM
comprises mobile-operator-specific information, including an SIM-specific
international mobile subscriber identity IMSI of a mobile services subscriber.
Typically, the SIM also comprises a temporary mobile subscriber identity TMSI
within a location area, which can be used to avoid transferring the IMSI over
a radio path.

A mobile switching centre MSC, which typically also comprises a visitor
location register VLR, transmits an authentication request to an
authentication centre AuC. The authentication centre AuC is typically located
as a part of a home location register HLR of the subscriber. Subscriber
authentication information and authentication algorithms are stored in the
authentication centre. On the basis of the IMSI comprised in the
authentication request, the authentication centre AuC selects a
subscriber-specific authentication key Ki. In addition, a random-number
generator generates a number of random-number parameters RAND, which, together
with the key Ki, are used to provide each RAND parameter with a checking
parameter SRES by applying authentication algorithm A3. The authentication
centre AuC typically transmits these RAND/SRES parameters simultaneously with
a calculated cipher key Kc to the visitor location register VLR to be stored.

When the VLR wishes to authenticate a subscriber, it selects a RAND value for
the parameter from a RAND/SRES table corresponding to the present subscriber
and transmits the RAND value to the mobile station and further to the SIM
application. The SIM comprises the same authentication key Ki and
authentication algorithm A3 as those used at the authentication centre AuC.
The SIM calculates the SRES parameter, which is the authentication response,
by means of the received RAND parameter and the key Ki by applying algorithm
A3. The mobile station returns the SRES parameter to the visitor location
register VLR. The VLR compares the SRES value transmitted by the mobile
station with a stored SRES value, and if they are the same, the authentication
has succeeded. In principle, the GSM network can request authentication at any
stage when a mobile station is registered in the network. Authentication can
be carried out particularly when a mobile station registers in a network.

Ciphering is used in many telecommunication systems to prevent data to be
transmitted from becoming subject to unauthorised access. For example, it is
possible in the GSM system to use ciphering of data transmission which is
difficult to crack, whereby speech and data converted into digital form are
ciphered at the mobile station to be transmitted over the radio path.
Similarly, received ciphered data in the GSM network is deciphered into plain
speech and data. In connection with the present application, ciphering can
refer either to ciphering or deciphering of traffic. Ciphering and user
authentication utilise cipher keys and ciphering algorithms accessible to the
particular transmission and reception equipment only.

When in the GSM system the mobile switching centre MSC/VLR has authenticated
the user, ciphering of the traffic to be transmitted can be initiated. The
cipher key Kc is calculated in connection with authentication by means of the
secret key Ki and the random number RAND by applying algorithm A8 both at the
authentication centre AuC and the SIM. Algorithms A3 and A8 are typically
implemented such that both the SRES parameter and the cipher key Kc are
calculated simultaneously. In the authentication parameters the authentication
centre transmits the cipher key Kc with the RAND and SRES parameters to the
visitor location register VLR, whereby these three parameters form a
"triplet". The cipher key Kc is stored in the visitor location register VLR.
The visitor location register VLR transmits the random number RAND to the SIM
application for authentication and cipher key calculation. The SIM calculates
the cipher key Kc typically in connection with calculating the SRES parameter
on the basis of the RAND parameter and the secret key Ki by applying algorithm
A8. Consequently, calculating the cipher key Kc is a part of the GSM
authentication. The cipher key Kc is stored in the SIM application. According
to the GSM standard, the Kc is 64 bits at most.

When the mobile switching centre MSC/VLR commands ciphering to be initiated,
the cipher key Kc is transmitted from the visitor location register VLR to a
base station. Furthermore, a command is transmitted to the mobile station,
which starts using the Kc calculated at the SIM. The GSM network selects the
ciphering algorithm on the basis of the identifier of the ciphering algorithm
comprised in a "classmark" identifier transmitted by the mobile station. The
base station and the mobile station carry out traffic ciphering and
deciphering, depending on the direction of the traffic, by means of the cipher
key Kc and the number of the traffic frame by applying algorithm A5. The GSM
System for Mobile Communications by M. Mouly and M. Pautet, Palaiseau, France,
1992, ISBN: 2-9507190-0-7, for example, discloses a more detailed description
of the GSM system.

Third generation mobile communication systems have been developed throughout
the world. 3rd generation partnership project 3GPP standardizes a third
generation mobile communication system which is based on the GSM system and
called a universal mobile telecommunications system UMTS, which comprises a
new radio interface, for example. The UMTS radio interface will be based on
the wideband code division multiple access WCDMA technique. The GSM core
network will be utilised in the UMTS system, whereby connection management and
mobility management will mainly remain the same. The UMTS system will provide
circuit-switched services and packet-switched services. The packet-switched
services will probably be based on the general packet radio service GPRS in
the GSM.

An essential requirement in the UMTS system is the handover requirement
between the GSM and the UMTS. In connection with the present application,
handover refers to changing a radio traffic connection and radio traffic
responsibility from a source system to a target system without the data
transfer connection provided for a user service being substantially
disconnected. In the GSM/UMTS handover, the connection is thus handed over
from the UMTS system to the GSM system, or vice versa. In the GSM/UMTS
handover, the connection provided for the user remains similarly uninterrupted
to one in the existing internal handover in the GSM system. This enables the
UMTS system to be rapidly introduced since particularly in the beginning, the
GSM system with its extensive coverage area can be used as backup. For this
purpose, it is probable that devices called dual-mode mobile stations
supporting both the GSM system and the UMTS system will appear on the market.

In the UMTS standardization work, it is likely that a solution with mainly
similar principles to the GSM procedures will be selected as far as the
security architecture is concerned. In such a case, as high compatibility with
the GSM architecture as possible can be achieved. Both the UMTS network and a
user service identity module USIM application of the SIM identity application
kind in the GSM comprise a secret key which is required for carrying out
authentication. Changes will primarily relate to key lengths and algorithms
used; document TR S3.03 version 0.1.2, "3G Security: Security Architecture" in
the 3GPP discusses security requirements in the UMTS system. Particularly the
cipher key to be used will probably be longer than in the GSM system.

In order to support the GSM system, a UMTS IC card UICC comprising the USIM
application may also comprise the SIM application of the GSM system. The UMTS
system further requires that services may be provided to mobile stations with
only a smart card comprising a GSM identity SIM application. Furthermore, at
the early stage the GSM/UMTS core network may be the same, so the core network
of the UMTS system can also support authentication and ciphering according to
the GSM system as well.

In the GSM system, in a handover situation, ciphering parameters used in
handover between mobile switching centres, such as the cipher key, are
transmitted from the source network to the target network. Hence, when a
connection is handed over from the GSM network to the UMTS network, the cipher
key Kc according to the GSM can be used while the traffic remains ciphered all
the time. It is naturally required that the UMTS network supports the
ciphering according to the GSM system. It is also possible to carry out
authentication according to the UMTS system and start using a UMTS cipher key
after handover.

When the mobile station is in the UMTS network, a cipher key according to the
UMTS system is available for its use. When handover from the UMTS system to
the GSM system is carried out, the problem is the ciphering since a base
station sub-system BSS according to the GSM system is not necessarily able to
carry out the ciphering by the UMTS parameters. Consequently, the UMTS cipher
key cannot be used as such after handover, according to the GSM principles.
According to the prior art, when a change to the GSM system takes place,
authentication according to the GSM system can be carried out after handover.
In such a case, GSM ciphering can be initiated only after the cipher key Kc
has been calculated. This, however, is time-consuming, and some of the traffic
will be transferred over the GSM radio interface unciphered.

WO 00/76194 PCT/FI00/00495

BRIEF DESCRIPTION OF THE INVENTION

An object of the invention is thus to provide a method and an apparatus
implementing the method so as to enable the above-mentioned problems to be
alleviated. The objects of the invention are achieved by a method and a system
which are characterized by what is disclosed in the independent claims.
Preferred embodiments of the invention are disclosed in the dependent claims.

The invention is based on the idea that a cipher key of a "second" mobile
communication network according to a mobile communication system, such as a
GSM system, is determined in a first mobile communication network typically
according to a different mobile communication system, such as a UMTS system,
when a mobile station operates in the first mobile communication network. In
such a case, a "second" cipher key according to the second mobile
communication network can be determined which can preferably be stored both in
the mobile station and in the first mobile communication network usually using
a "first" cipher key for ciphering traffic. The advantage achieved is that the
second cipher key according to the second mobile communication network, such
as the GSM network, is already available before a potential handover
situation.

In a handover situation, the second cipher key can, according to a preferred
embodiment of the invention, be transmitted from the first mobile
communication network to a network element performing ciphering, such as a
base station, in the second mobile communication network. Furthermore, the
second cipher key stored in the subscriber identification application, such as
the SIM application, is preferably transmitted to a means in the mobile
station which carries out ciphering in the mobile station. Hence, as soon as
the logical connection has been handed over to the base station system of the
second mobile communication network, it is possible to start to use ciphering
according to the network concerned both at the mobile station and at the
network element in the second mobile communication network that carries out
the ciphering. The advantage then achieved is that, with the exception of the
first signalling messages, no traffic is transferred unciphered over the air
interface after handover, as is the case in an internal handover situation in
the GSM system.

According to a solution of the invention, a mobile communication network and a
mobile station can use several different and alternative methods of ciphering
or authentication by using different algorithms or keys. If the mobile
communication network and the mobile station support more than one ciphering
or authentication method, it is thus possible to e.g. change the cipher key
used, if necessary.

According to a preferred embodiment of the invention, a first mobile
communication network examines, by means of an IMSI and/or classmark
identifier, for example, whether a mobile station supports a second mobile
communication network. In such a case, the cipher key according to a second
mobile communication network is preferably calculated only if the mobile
station supports the second mobile communication network. Furthermore,
according to a preferred embodiment of the invention, the second cipher key
can be calculated simultaneously with authentication according to the first
mobile communication system. In such a case, one message is preferably used
for requesting of the authentication centre and further, the mobile station,
calculation of a cipher key according to two different systems and, possibly,
of an authentication response.

On the other hand, according to another preferred embodiment of the invention,
a request can be specified for calculating explicitly a second cipher key
according to the second mobile communication system. This can be necessary
when, for example, it is detected that handover is necessary to a second
mobile communication network. In such a case, calculation of the cipher key
according to the second mobile communication network only can be requested
preferably in connection with authentication. According to an embodiment of
the invention, the second cipher key can be calculated only when necessary, in
other words when a decision is made about handover to the second mobile
communication network.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is now described in closer detail in connection with 
the preferred embodiments with reference to the accompanying drawings, in 
which 

Figure 1 shows, by way of example, a UMTS system with a GSM base station
sub-system also connected thereto;

Figure 2 shows a method according to a preferred embodiment of the invention
in a simplified manner and by means of a flow diagram;

Figure 3 shows an authentication implementation according to a preferred
embodiment of the invention by means of a signalling diagram;

Figure 4 shows, by way of example and by means of a signalling 
diagram, a handover function from a UMTS system to a GSM system. 

DETAILED DESCRIPTION OF THE INVENTION 

In principle, the invention can be applied to any mobile communication system.
It is particularly well suited for a UMTS system, which will largely be based
on the GSM system. In the following, a preferred embodiment of the invention
will be described by using an example wherein GSM authentication functions,
calculation of a cipher key in particular, are carried out in a UMTS network
before a handover function from the UMTS network to a GSM network (Figures 1
and 3) and a handover function which utilizes, according to the invention, a
precalculated cipher key (Figure 4). Figure 2 describes in a simplified manner
a method according to a preferred embodiment of the invention independently of
the mobile communication system used.

Figure 1 shows, by way of example, a mobile communication network according to
the UMTS system, a core network CN of the mobile communication network also
being able to control a GSM base station sub-system. A UMTS mobile station MS
comprises mobile equipment ME and a UICC smart card. A UMTS radio access
network RAN comprises one or more base stations BS, and radio frequencies
available to the base stations are controlled by a radio network controller
RNC.

For circuit-switched services, the radio network controllers RNC are connected
to a mobile switching centre MSC, which is responsible for connection
establishment of the circuit-switched services and routing them to correct
addresses. Two databases are utilized herein which comprise information on
mobile subscribers: a home location register HLR and a visitor location
register VLR. Similarly, a serving GPRS support node SGSN utilizing the home
location register HLR is used for packet-switched services. Both the MSC and
the SGSN communicate with an authentication centre AuC, typically via the home
location register HLR.

The mobile switching centre MSC is via an interworking function IWF connected
to other telecommunication networks, such as a public switched telephone
network PSTN or an integrated services digital network ISDN. A GPRS gateway
support node GGSN communicates with packet data networks PDN.

A base station sub-system BSS according to the GSM system is also connected to
the core network CN, the base station sub-system BSS comprising at least one
base transceiver station BTS and a base station controller BSC.

A home environment HE specified in the UMTS documents of the 3GPP enters a
contract with a subscriber for service provision and provides a USIM
application. In such a case, the home location register HLR is located in the
home environment HE. A serving network SN refers to a network in the area of
which the mobile station is currently located. In roaming situations or in
situations in which service provision and network operation are separated from
each other, separate home environment HE and serving network SN can be
discerned. In Figure 1, the home environment HE and the serving network SN are
not separated.

In functions described later, the visitor location register VLR may be located
in the serving network SN and the authentication centre AuC may be located in
the home environment HE of a different operator or they may belong to a
network controlled by the same operator. In connection with the present
application, network elements in the core network CN of Figure 1 are named as
in the GSM system; the essential feature is that the network elements are
capable of carrying out the functions according to the UMTS system.

The security architecture in the UMTS system will be mainly similar to that in
the GSM system. Hence, the procedure described earlier according to the GSM
will also be implemented in the UMTS; probable differences will be discussed
in the following. Table 1 shows UMTS parameters corresponding to GSM
parameters that have been discussed in 3GPP document TR S3.03 version 0.1.2
"3G Security: Security Architecture".

Table 1.

DESCRIPTION                                                                  GSM    UMTS
random number parameter                                                      RAND   RANDu
authentication checking parameter to be compared (authentication response)   SRES   XRES
cipher key                                                                   Kc     CK
integrity key                                                                -      IK
authentication token                                                         -      AUTN

In authentication according to the UMTS system, the authentication centre AuC
produces five parameters in accordance with Table 1 and transmits them to the
visitor location register VLR. In the GSM system, three parameters are
produced, i.e. a triplet. The random number parameter RANDu corresponds to the
RAND parameter in the GSM system, but may vary in length. An authentication
checking parameter XRES (Expected Response) and a cipher key CK in particular
may also vary in length compared to the GSM parameters SRES and Kc. The GSM
lacks an authentication token AUTN; it can be transmitted to the USIM
application in the same message as the RANDu parameter. By means of the AUTN
token, the USIM application can check whether the serving network has the
right to serve UMTS services. As distinct from the GSM system, the USIM
generates an XRES parameter and calculates a cipher key CK only if the AUTN
parameter is acceptable. As in the GSM system, the USIM transmits the
calculated XRES parameter to the network to the visitor location register VLR,
which compares it with the authentication checking parameter received from the
authentication centre. The authentication has succeeded if the XRES calculated
in the network and the XRES parameter calculated in the USIM application
correspond to each other.

The GSM system lacks an integrity key IK; in the UMTS system, it will be used
for protecting certain signalling messages, such as information on features of
a mobile station, for example. The IK is calculated both in the USIM
application and in the UMTS network. Since UMTS standardization work is still
underway, algorithms necessary for producing the parameters shown in Table 1
have not been determined precisely. They will probably differ from GSM
algorithms A3, A5 and A8. The key corresponding to the secret key Ki in the
GSM is K in the UMTS, K being used in calculating authentication parameters
both in the USIM application and the authentication centre.

In principle, the GSM or the UMTS network can request authentication of a
mobile station at any time. Authentication can be carried out e.g. in
connection with location update or while providing a paging response when a
mobile station receives a call. The invention can be applied to authentication
at any time.

In the example according to the invention, the mobile station MS is capable of
establishing a connection both to the GSM and the UMTS networks, i.e. it is a
so-called dual-mode mobile station. The MS thus comprises functions both
according to the GSM system and the UMTS system, and further, functions of the
SIM application and the USIM application. The SIM/USIM functions are
preferably located on a smart card UICC and they can preferably be provided
from the same operator, i.e. home environment HE, as one application. It is
assumed that the subscriber identifier, preferably the IMSI, is the same both
for the GSM and the UMTS system. Hence, the IMSI identifier identifies both
the SIM application and the USIM application. On the basis of the IMSI
identifier, the UMTS network can preferably also detect whether a subscriber
that has the right to access both GSM and UMTS services is at issue. Even
though the IMSI identifier were the same, authentication (comprising
calculation of cipher keys) can be carried out in the solution according to a
preferred embodiment of the invention for both the SIM application and the
USIM application separately.

In the following, a method according to a preferred embodiment of the
invention will be described in a simplified manner by means of Figure 2,
without being restricted to any certain mobile communication system. In Figure
2, the most important steps of the invention are simplified, not all
embodiments being shown. Later, by means of Figures 3 and 4, different steps
and embodiments will be described in closer detail, applied to the UMTS and
the GSM systems.

When a mobile station operates in a first mobile communication network,
traffic being transferred over the air interface is ciphered mainly by using a
first cipher key. According to the invention, a second cipher key according to
a second mobile communication network is calculated in the first mobile
communication network (20). This can take place after the first mobile
communication network has detected a need for handover of the active
connection to the second mobile communication network, for example, or in
connection with authentication according to the first mobile communication
network.

After calculating the second cipher key, the first mobile communication
network transmits information necessary for calculating the cipher key to the
mobile station (21). The mobile station detects that calculation of the second
cipher key according to the second mobile communication network is at issue
and carries out calculation of the second cipher key (22). Next, the second
cipher key is available both in the first mobile communication network and at
the mobile station. If the logical connection provided for the mobile station
is handed over to the second mobile communication network, the second cipher
key is used both at the mobile station and in the second mobile communication
network after the handover (23). The first mobile communication network has
then preferably transmitted the second key to the network element carrying out
the ciphering in the second mobile communication network before handover.
Hence, the traffic between the mobile station and the second mobile
communication network can be ciphered immediately after handover.
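
The following sketch is an added example, not part of the patent text or of any
standard: it runs steps 20 to 23 above together with the GSM RAND/SRES/Kc
triplet described in the background, and shows the prior-art case in which no
key is available at handover. HMAC-SHA256 is an assumed stand-in for the A3, A8
and A5 algorithms, and all class and function names, the key and the IMSI are
constructed for illustration.

```python
import hashlib
import hmac
import os

# Stand-ins (assumption): the real A3/A8/A5 algorithms are not given on the
# page; HMAC-SHA256 is used here only so that the message flow can run.
def a3(ki, rand):
    """Authentication response SRES (32 bits in GSM)."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki, rand):
    """Cipher key Kc (64 bits at most)."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def a5(kc, frame_no, data):
    """Cipher/decipher one frame (up to 32 bytes) with Kc and frame number."""
    ks = hmac.new(kc, frame_no.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(d ^ k for d, k in zip(data, ks))

class AuC:
    """Authentication centre: holds Ki per IMSI and produces GSM triplets."""
    def __init__(self, subscribers):
        self._ki = dict(subscribers)

    def triplet(self, imsi):
        rand = os.urandom(16)
        ki = self._ki[imsi]
        return rand, a3(ki, rand), a8(ki, rand)

class MobileStation:
    """Dual-mode mobile; the SIM application holds Ki and the calculated Kc."""
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki
        self.sim_kc = None       # second cipher key stored in the SIM
        self.cipher_key = None   # key loaded into the ciphering means

    def calculate_second_key(self, rand):      # step 22
        self.sim_kc = a8(self._ki, rand)
        return a3(self._ki, rand)              # SRES returned to the network

    def on_handover_request(self):
        self.cipher_key = self.sim_kc          # SIM -> ciphering means

class SecondNetworkBSS:
    """Ciphering element of the second (GSM) network."""
    def __init__(self):
        self.kc = None

    def receive(self, frame_no, payload):
        return a5(self.kc, frame_no, payload) if self.kc else None

class FirstNetwork:
    """First (UMTS-side) network in this sketch."""
    def __init__(self, auc):
        self.auc, self.stored = auc, {}

    def precalculate(self, ms, supports_second=True):
        if not supports_second:                       # e.g. from IMSI/classmark
            return False
        rand, sres, kc = self.auc.triplet(ms.imsi)    # step 20
        response = ms.calculate_second_key(rand)      # steps 21 and 22
        if not hmac.compare_digest(response, sres):   # network checks SRES
            return False
        self.stored[ms.imsi] = kc
        return True

    def hand_over(self, ms, bss):
        bss.kc = self.stored.get(ms.imsi)   # key sent to target before handover
        ms.on_handover_request()            # step 23 follows on both sides

def demo(precalculated=True):
    ki = bytes(range(16))        # constructed sample subscriber key
    imsi = "001010000000001"     # constructed test IMSI
    ms = MobileStation(imsi, ki)
    net, bss = FirstNetwork(AuC({imsi: ki})), SecondNetworkBSS()
    if precalculated:
        net.precalculate(ms)
    net.hand_over(ms, bss)
    plaintext = b"first frame after handover"
    if ms.cipher_key is None or bss.kc is None:
        # Prior-art case: no Kc yet, so the frame would go out unciphered.
        return {"ciphered": False, "on_air_differs": False, "recovered": False}
    on_air = a5(ms.cipher_key, 1, plaintext)
    return {"ciphered": True,
            "on_air_differs": on_air != plaintext,
            "recovered": bss.receive(1, on_air) == plaintext}

if __name__ == "__main__":
    print("with precalculated key:", demo(True))
    print("without (prior art):   ", demo(False))
```
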

In the following, a solution according to a preferred embodiment of the
invention when applied to circuit-switched connections in the UMTS and GSM
networks will be described in closer detail by means of Figure 3. Figure 3
shows an exemplary signalling pattern of an authentication process, i.e.
production of a cipher key, production and checking of authentication
parameters, only including steps that are essential to the invention. When the
mobile station is within the area of the UMTS network, it is further assumed
that the traffic between the mobile station and the mobile communication
network is ciphered using the UMTS cipher key.

In Figure 3, the mobile station MS transmits a location update request
message, for example, in order to request location update (identity, arrow
30). The essential point is that the message (identity, arrow 30) comprises
a UMTS subscriber identifier, either a TMSI or an IMSI identifier, for a
similar purpose to the one in the GSM system, i.e. for identifying a
subscriber. In some UMTS specifications, a temporary mobile user identity
TMUI corresponds to the TMSI identifier, and an international mobile user
identity IMUI to the IMSI identifier.

The UMTS network may also transmit a request to the mobile station to
transmit a subscriber identifier, and the mobile station responds by
transmitting the requested subscriber identifier (identity, arrow 30).

It is further possible that in the UMTS system, the IMSI identifier is
ciphered over the radio path in order to prevent misuse. If the IMSI
identifier is ciphered, the visitor location register VLR has to transmit the
ciphered IMSI identifier to the home location register HLR, which transmits
the unciphered IMSI identifier back to the visitor location register (not
shown).

The visitor location register VLR transmits the request for authentication
and the IMSI identifier to the home location register HLR and further to the
authentication centre AuC (send authentication info, arrow 31). In the
network, the VLR and the HLR communicate using the MAP signalling protocol.
In the UMTS system, it is possible to use a different MAP version than in the
GSM since, compared to the GSM, the above-described UMTS authentication
functions require changes in the MAP protocol. Consequently, the home
environment HE and further, the authentication centre AuC in connection with
the home location register can infer from, for example, the MAP version that
the request (send authentication info, arrow 31) has been received from a
network capable of the UMTS.

On the basis of the IMSI identifier the home environment HE, preferably the
home location register HLR, can detect that the subscriber has the right to
access both the GSM and the UMTS network. According to a preferred embodiment
of the invention, the authentication centre AuC calculates both the
authentication parameters of the UMTS and the authentication parameters of
the GSM (triplet) substantially simultaneously and transmits them to the
visitor location register VLR. If the serving network SN is not according to
the UMTS (an MAP version according to the GSM system, for example), or on the
basis of the IMSI identifier only the SIM application can be used, the
authentication centre AuC calculates preferably the GSM authentication
parameters only. Furthermore, characteristics of the mobile station MS may
also set requirements for the calculation of the GSM parameters, i.e. whether
the mobile station supports the GSM system. Then, correspondingly, when the
mobile station only supports the UMTS system or when, on the basis of the
IMSI identifier, only the USIM application can be used, the AuC can calculate
the authentication parameters of the UMTS only.

Alternatively, it is possible for the visitor location register VLR to
request authentication information according to a desired system or systems
in connection with a (send authentication info, arrow 31) message. This can
be implemented, for example, by adding bits indicating the type of
authentication requested to the authentication information request (send
authentication info, arrow 31).

In order to avoid unnecessary processing power consumption, GSM
authentication is carried out in the UMTS network only if the mobile station
comprises the SIM application and the GSM functionality (dual-mode mobile
station). The UMTS network can discern from the classmark identifier, for
example, whether the mobile station supports the GSM system. In such a case,
the visitor location register can, the classmark identifier and/or the IMSI
identifier having indicated that the mobile station supports the GSM system,
request authentication both according to the GSM system and the UMTS system
of the authentication centre AuC in connection with the (send authentication
info, arrow 31) message.

The authentication centre AuC transmits the calculated authentication
information to the visitor location register VLR (authentication info, arrow
32), wherein the information is stored. Since the authentication centre has
calculated the GSM authentication parameters, a cipher key Kc according to
the GSM network is available in the serving network SN for later use. After
this step, the idea of the invention can be applied at least in two different
ways: by implicit or explicit GSM authentication, which will be described
next.

An implicit GSM authentication according to a preferred embodiment of the
invention will be discussed in the following. In this case, the UMTS
random-number parameter RANDu received from the authentication centre AuC is
equal in length to the GSM random-number parameter RAND (preferably 128
bits). The VLR transmits to the mobile station an authentication request
(authentication request, arrow 33) comprising the random-number parameter
RANDu of the length of the RAND parameter in the GSM system. Since the
authentication at issue is authentication according to the UMTS system, an
authentication token AUTN is also preferably transmitted to the USIM
application of the mobile station.

According to a preferred embodiment of the invention, the mobile station MS
transmits the random-number parameter RANDu both to the SIM and the USIM
applications even though the authentication request (authentication request,
arrow 33) were according to the UMTS system. The mobile station may comprise,
for example, means for checking the random-number parameter, in which case,
when the random-number parameter is according to the GSM system, it is also
transmitted to the SIM application. Then, according to a preferred embodiment
of the invention, the SIM application calculates the cipher key Kc by using
the secret key Ki and the RANDu parameter by applying the A8 algorithm. The
SIM application does not, however, have to produce the authentication
checking parameter SRES. The SIM application stores the Kc for later use
preferably in the memory of the smart card UICC.

The USIM application receives the RANDu parameter, and, if the authentication
token AUTN is acceptable, carries out the calculation of the authentication
checking parameter XRES. Then, by means of the secret key K and the RANDu
parameter and the authentication algorithm of the UMTS, the USIM produces the
XRES parameter. The cipher key CK of the UMTS can be calculated
simultaneously by means of the secret key K and the calculation algorithm of
the cipher key. The authentication checking parameter XRES is transmitted
from the USIM application to the visitor location register VLR
(authentication response, arrow 34), which compares it with the checking
parameter received from the authentication centre AuC. If they match,
authentication according to the UMTS has succeeded.

According to a preferred embodiment of the invention, in the implicit GSM
authentication it is further assumed that the GSM authentication has been
carried out when the UMTS authentication has succeeded. Furthermore, the
cipher key according to the GSM system exists both in the UMTS network and in
the USIM application for potential handover from the UMTS network to the GSM
network. When authentication has been carried out, the UMTS network can
transmit an approval, i.e. acknowledgement of the authentication to the
mobile station MS (acknowledgement, arrow 35). Necessary procedures at a
given time can then be continued according to the prior art; for example, the
UMTS network may give the mobile station MS a command to initiate ciphering.

Since in the implicit GSM authentication it is only necessary to calculate
the cipher key Kc, the authentication centre AuC does not necessarily have to
calculate and transmit all authentication parameters of the visitor location
register VLR. Only the cipher key Kc has to be calculated and transmitted to
the visitor location register, preferably applying the same random-number
parameter as in calculating the cipher key CK of the UMTS.

According to a preferred embodiment of the invention, so-called explicit GSM
authentication can also be carried out. In such a case, the RANDu parameter
can be of a different length than the RAND parameter of the GSM. The UMTS
network then transmits, preferably in the authentication request
(authentication request, arrow 33), information on which authentication is
desired, the GSM authentication, the UMTS authentication, or possibly both.

The authentication request (authentication request, arrow 33) comprises, for
example, a GSM bit and a UMTS bit. When the GSM bit has a value 1, the mobile
station detects that it is the GSM authentication that is requested.
Similarly, if the UMTS bit is 1, authentication according to the UMTS system
will be carried out. If both bits are 1, authentication according to both
systems can be carried out. The MS can detect the desired authentication also
from the length of the random-number parameter RAND or RANDu. Furthermore,
the mobile station MS can discern that it is the UMTS authentication that is
desired if the authentication request (authentication request, arrow 33)
comprises the authentication token AUTN.

If the serving network SN has requested GSM authentication, the RAND
random-number parameter is transmitted to the SIM application and calculation
according to the GSM system of the authentication response SRES and the
cipher key Kc is carried out. The authentication response SRES is transmitted
to the visitor location register VLR to be checked (authentication response,
arrow 34) and the cipher key Kc is stored in the SIM application for
potential later use.

If the serving network SN has requested UMTS authentication, the RANDu
random-number parameter is transmitted to the USIM application and
authentication according to the UMTS system is carried out in a manner
described earlier. If the UMTS authentication succeeds, nothing, however, is
assumed concerning the GSM authentication on the basis thereof, but the GSM
authentication has to be carried out separately if the serving network SN so
desires.

If the serving network SN requests authentication according both to the GSM
and the UMTS systems, it preferably transmits both the RANDu and the RAND
parameters in the authentication request (authentication request, arrow 33).
When the mobile station has detected from, for example, the two different
random-number parameters that both the UMTS authentication and the GSM
authentication are requested, it transmits the RAND parameter to the SIM
application and the RANDu parameter to the USIM application. The SIM and the
USIM calculate the authentication responses SRES and XRES and the cipher keys
Kc and CK. The mobile station MS transmits the SRES parameter transmitted by
the SIM application and the XRES parameter transmitted by the USIM
application to the visitor location register VLR (authentication response,
arrow 34) possibly in different messages. The visitor location register VLR
compares the authentication responses received from the mobile station MS
with the ones received from the authentication centre AuC, and if they match,
the authentications have succeeded.

The explicit method described above can generally be applied to a mobile
communication system which supports several authentication methods. For
example, it is possible that a new, alternative authentication and/or
ciphering method will be developed for the UMTS system. The network element
(e.g. the AuC) which carries out authentication and calculation of the cipher
key and the means (e.g. the USIM) which carries out the corresponding
functions in the mobile station comprise the same algorithms. If the serving
mobile communication network and particularly the network element carrying
out the functions of the visitor location register VLR know how to apply the
parameters according to the alternative authentication method, the explicit
method may be used. Hence, the serving mobile communication system can
transmit to the authentication centre AuC an identifier of the authentication
algorithm or algorithms used, for example.

On the other hand, it is also possible that the AuC is aware of the
characteristics of the mobile station and further, the serving mobile
communication network. In such a case, on the basis of the characteristics,
it can also transmit the parameters according to the alternative method to
the serving mobile communication network, to the visitor location register
VLR, for example. Furthermore, the serving mobile communication network can
preferably transmit to the mobile station information on the authentication
method used in connection with the authentication request. This enables, for
example, the cipher method used to be flexibly changed by calculating the
cipher key according to the new authentication both at the authentication
centre and the subscriber application. The cipher method used can, if
necessary, be changed by transmitting the new cipher key to the means
responsible for ciphering both in the mobile communication network and at the
mobile station. Preferably, the authentication centre AuC is also informed
that the cipher method has been changed successfully.

The great advantage achieved by the above-described GSM authentication
according to the implicit or explicit method is that the cipher key Kc
according to the GSM system is ready for potential handover from the UMTS
system to the GSM system. The cipher key Kc is stored both in the UMTS
network, preferably in the visitor location register VLR, and in the mobile
station, preferably in the SIM application.
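The implicit and explicit exchanges described above (arrows 31 to 34), worked through as an added example that is not part of the original specification. HMAC-SHA256 stands in for the operator algorithms (A3/A8 and the UMTS functions), AUTN is reduced to a keyed tag over RANDu, the 20-byte RANDu used in explicit mode is a constructed choice, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

RAND_LEN = 16  # GSM RAND length: 128 bits, as stated in the text


def _prf(key, label, rand, n):
    # Stand-in (assumption) for the operator algorithms: the real A3/A8 on the
    # SIM and the UMTS authentication/key functions are not given in the text.
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:n]


def a3_sres(ki, rand): return _prf(ki, b"A3", rand, 4)      # SIM: SRES
def a8_kc(ki, rand): return _prf(ki, b"A8", rand, 8)        # SIM: Kc
def umts_xres(k, rand): return _prf(k, b"XRES", rand, 8)    # USIM: XRES
def umts_ck(k, rand): return _prf(k, b"CK", rand, 16)       # USIM: CK
def umts_autn(k, rand): return _prf(k, b"AUTN", rand, 16)   # simplified token


class AuC:
    """Authentication centre: holds Ki and K, builds the authentication info."""

    def __init__(self, ki, k):
        self.ki, self.k = ki, k

    def auth_info(self, explicit):
        # Explicit mode: RANDu may differ in length from RAND, and a separate
        # GSM RAND with its SRES is produced alongside the UMTS parameters.
        rand_u = os.urandom(20 if explicit else RAND_LEN)
        info = {"RANDu": rand_u, "AUTN": umts_autn(self.k, rand_u),
                "XRES": umts_xres(self.k, rand_u), "CK": umts_ck(self.k, rand_u)}
        if explicit:
            info["RAND"] = os.urandom(RAND_LEN)
            info["SRES"] = a3_sres(self.ki, info["RAND"])
            info["Kc"] = a8_kc(self.ki, info["RAND"])
        else:
            # Implicit mode: only Kc is needed, from the same random number.
            info["Kc"] = a8_kc(self.ki, rand_u)
        return info


class MobileStation:
    """Dual-mode MS with a SIM application (Ki) and a USIM application (K)."""

    def __init__(self, ki, k):
        self.ki, self.k = ki, k
        self.kc = None  # stored by the SIM application for a later handover
        self.ck = None

    def on_auth_request(self, req):
        resp = {}
        if req.get("umts_bit") or "AUTN" in req:
            # USIM: accept AUTN first, then produce XRES and CK.
            if not hmac.compare_digest(req["AUTN"],
                                       umts_autn(self.k, req["RANDu"])):
                return resp  # token rejected, nothing is calculated
            resp["XRES"] = umts_xres(self.k, req["RANDu"])
            self.ck = umts_ck(self.k, req["RANDu"])
        if req.get("gsm_bit"):
            # Explicit GSM authentication: SIM returns SRES and stores Kc.
            resp["SRES"] = a3_sres(self.ki, req["RAND"])
            self.kc = a8_kc(self.ki, req["RAND"])
        elif len(req.get("RANDu", b"")) == RAND_LEN:
            # Implicit: RANDu has the GSM length, so it is also passed to the
            # SIM, which derives Kc but produces no SRES.
            self.kc = a8_kc(self.ki, req["RANDu"])
        return resp


class VLR:
    """Serving-network side: sends the request and checks the responses."""

    def __init__(self, auc):
        self.auc = auc
        self.kc = None  # kept for the handover request to the GSM network

    def authenticate(self, ms, explicit=False):
        info = self.auc.auth_info(explicit)
        req = {"RANDu": info["RANDu"], "AUTN": info["AUTN"], "umts_bit": True}
        if explicit:
            req.update(RAND=info["RAND"], gsm_bit=True)
        resp = ms.on_auth_request(req)
        checks = ["XRES", "SRES"] if explicit else ["XRES"]
        ok = all(hmac.compare_digest(resp.get(p, b""), info[p]) for p in checks)
        if ok:
            self.kc = info["Kc"]
        return ok


def kc_ready_for_handover(vlr, ms):
    """True when both ends hold the same precalculated GSM cipher key."""
    return vlr.kc is not None and vlr.kc == ms.kc
```

In the implicit path the network never receives an SRES, so a SIM application holding a different Ki still passes authentication and the Kc mismatch only surfaces when ciphering starts after handover; the explicit path catches it at the VLR comparison.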

The calculation of the cipher key Kc according to the GSM system can be
carried out if the serving network SN so desires. It can be carried out, for
example, always in connection with the UMTS authentication.

The calculation of the cipher key Kc can, according to a preferred embodiment
of the invention, also be carried out when it is detected from the local
radio cells that a need exists to carry out handover to the base station
sub-system BSS according to the GSM system. Furthermore, the cipher key Kc
can be calculated while handover is being carried out, which, however, may
cause delay in carrying out the handover.

The cipher key Kc according to the GSM system can also be determined by
separating it from the cipher key CK of the UMTS when, for example, the
connection is being handed over to the GSM base station. The CK will probably
be longer than the Kc. Then, the mobile station MS and the UMTS network,
preferably the VLR, make the CK key as short as the Kc key and preferably
store it in memory for later use. Hence, the Kc key according to the GSM
system is available for a potential handover situation. It is then
unnecessary to calculate the GSM parameters at the authentication centre or
in the SIM application.

In the following, by means of Figure 4, a handover process will be described
in a circuit-switched connection by way of example, only taking into account
parts relevant to the invention. The mobile station MS carries out
measurements of base stations located in the neighboring area, measuring also
base stations of the GSM system when the UMTS network has preferably so
requested. The mobile station MS transmits the measurement information to a
serving radio network controller RNC (measurement, arrow 40).

The RNC makes a decision about inter-system handover on the basis of, for
example, whether a handover threshold has been exceeded as far as the signal
strength is concerned. The RNC transmits an announcement about the necessity
of the handover to an anchor mobile switching centre AMSC of the serving UMTS
network SN (handover required, arrow 41). In handover, the AMSC is a
so-called source mobile switching centre. The AMSC preferably comprises
interworking function IWF, which enables a handover request according to the
GSM system to be produced. If the cipher key Kc is not yet precalculated, the
AMSC can request that it be calculated after, for example, the AMSC has
received the handover request (handover required, arrow 41). Before the
handover request is transmitted to the GSM network, the cipher key Kc is
calculated, for example, in the explicit manner described above.

The AMSC retrieves the precalculated cipher key Kc preferably from the
visitor location register VLR. The AMSC transmits the cipher key Kc in the
handover request to a relay mobile switching centre RMSC according to the GSM
system together with other information according to the GSM system and
necessary in the handover, such as the classmark information of the mobile
station (prepare ho request, arrow 42). It is possible that the UMTS base
station sub-system and the GSM base station sub-system to which handover is
to be performed are connected to the same core network, as illustrated in
Figure 1. In such a case, both the GSM and the UMTS base station sub-systems
can be controlled by the same mobile switching centre MSC, which transmits
the handover request to the GSM base station sub-system according to the GSM
system.

The RMSC transmits the handover request, which also comprises the cipher key
Kc, to a base station controller BSC (handover request, arrow 43). The BSC
allocates the necessary resources according to the handover request and
transmits the reply to the RMSC (ho request ack, arrow 44). The RMSC
transmits the reply to the handover request to the AMSC (prepare ho response,
arrow 45). The AMSC transmits a command according to the UMTS system to carry
out the handover to the radio network controller RNC (handover command, arrow
46).

The RNC transmits to the mobile station MS the handover command between the
UMTS and the GSM systems (inter-system ho command, arrow 47). This message
comprises all necessary information on, for example, the radio channel for
the mobile station to be able to carry out handover according to the GSM
system. The mobile station MS recognizes that the handover is to the GSM
system, and it activates the GSM functions. Furthermore, the mobile station
preferably detects that a cipher key according to the GSM system is needed,
whereby the cipher key Kc according to the GSM system is requested of the SIM
application. The SIM application transmits the cipher key Kc to the means of
the mobile station which carries out ciphering according to the GSM system.

The mobile station MS transmits a handover access message on a GSM channel
allocated thereto as in a typical GSM system (handover access, arrow 48). The
mobile station MS typically transmits one or more unciphered [HANDOVER
ACCESS] messages determined in the GSM specifications. Next, the connection
is handed over to be served by the GSM base station sub-system according to
the GSM system which is known per se and which need not be described in
closer detail here. Traffic to be transmitted can, according to a preferred
embodiment of the invention, be ciphered by using the precalculated cipher
key Kc and the ciphering algorithm A5 preferably immediately after the
(handover access, arrow 48) message. The GSM network can possibly also carry
out the authentication although the traffic can already be ciphered.

The great advantage achieved from the solution of a preferred embodiment of
the invention is that the traffic between the mobile station and the mobile
communication network can be ciphered immediately after handover by means of
the cipher key Kc according to the GSM system. If no cipher key Kc for
ciphering were available in the mobile station and the GSM base station, it
would be necessary to carry out authentication and calculation of the cipher
key after handover in the GSM network. In such a case, some of the traffic to
be transmitted would remain unciphered and time would be wasted.

In order to implement a preferred embodiment of the invention compared to the
prior art implementation, such as the GSM system, changes are mainly required
in the functions of the mobile switching centre MSC/VLR, the visitor location
register VLR and the mobile station MS. The functions required by the
solution of the invention can be implemented by software.

The above-described authentication, calculation of the cipher key and
handover implementation describe by way of example the application of the
invention to the UMTS and the GSM systems. The invention can also readily be
applied to other mobile communication systems, such as wireless local area
networks.

It is obvious to one skilled in the art that as technology advances, the
basic idea of the invention can be implemented in several different ways. The
invention and its embodiments are thus not restricted to the above-described
examples but they can vary within the scope of the claims.

CLAIMS

1. A method of arranging data protection in a telecommunication system
comprising a first mobile communication network wherein a first cipher key is
used for ciphering traffic between a mobile station and a mobile
communication network, a second mobile communication network wherein a second
cipher key is used for ciphering traffic between a mobile station and a
mobile communication network, and a mobile station supporting said mobile
communication networks, characterized by

calculating said second cipher key in the first mobile communication network
when the mobile station operates in the first mobile communication network,

transmitting information necessary for calculating said second cipher key
from the first mobile communication network to the mobile station when the
mobile station operates in the first mobile communication network, and

calculating said second cipher key at the mobile station.

2. A method as claimed in claim 1, characterized by

using said second cipher key for ciphering the traffic between the mobile
station and the second mobile communication network if the mobile station is
handed over from the first mobile communication network to the second mobile
communication network during an active connection.

3. A method as claimed in claim 1 or 2, characterized by

transmitting said second cipher key from the first mobile communication
network to the second mobile communication network,

transmitting said second cipher key calculated at the mobile station to a
ciphering means of the mobile station in response to the fact that the first
mobile communication network transmits a request to the mobile station for
handover to the second mobile communication network, and

using said second cipher key in ciphering traffic after the handover in the
mobile station and in the second mobile communication network.

4. A method as claimed in any one of the preceding claims, characterized by

checking, in the first mobile communication network, whether the mobile
station supports the second mobile communication network,

calculating said second cipher key in the first mobile communication network
in response to the fact that the mobile station supports the second mobile
communication network,

transmitting a request for calculation of said second cipher key from the
first mobile communication network to the mobile station, and

calculating at the mobile station said second cipher key in response to said
request.

5. A method as claimed in claim 4, characterized by

calculating said second cipher key in the first mobile communication network
in response to the fact that an identifier transmitted by the mobile station,
such as an IMSI subscriber identifier, and/or a classmark identifier indicate
that the mobile station supports the second mobile communication network.

6. A method as claimed in any one of the preceding claims, characterized by

calculating said second cipher key at a network element in the first mobile
communication network, such as an authentication centre, in response to the
fact that a network element of the first mobile communication network, such
as a visitor location register or a home location register, comprising
identifiers transmitted by the mobile station requests calculation of said
second cipher key, and

transmitting said second cipher key from said network element calculating the
cipher key to said network element comprising the identifiers transmitted by
the mobile station.

7. A method as claimed in any one of the preceding claims, characterized by

the mobile station comprising a subscriber identification application, such
as a USIM application, to the first mobile communication network and a
subscriber identification application, such as an SIM application, to the
second mobile communication network,

transmitting the information necessary for calculating said second cipher key
received by the mobile station to the identification application according to
the second mobile communication network.

8. A method as claimed in any one of the preceding claims, characterized by

calculating said second cipher key in the first mobile communication network
in connection with calculating an authentication response according to the
first mobile communication network and the first cipher key,

transmitting the information necessary for calculating the first cipher key
and said second cipher key, such as a random-number parameter, from the first
mobile communication network to the mobile station,

transmitting the necessary information at the mobile station for calculating
said first and second cipher keys to the identification applications
according to the first and the second mobile communication networks,

calculating said second cipher key in the identification application
according to the second mobile communication network and the authentication
response in the identification application according to the first mobile
communication network,

transmitting said authentication response according to the first mobile
communication network from the mobile station to the first mobile
communication network, and

acknowledging the authentication of the mobile station to be performed for
the second mobile communication network in response to the fact that the
first mobile communication network accepts the authentication response
transmitted by the mobile station.

9. A method as claimed in any one of claims 1 to 7, characterized by

determining a random-number parameter and calculating the authentication
response according to the second mobile communication network in connection
with calculating said second cipher key in the first mobile communication
network,

transmitting a request to the mobile station for calculation of an
authentication response according to the second mobile communication network,

transmitting the information necessary at the mobile station for calculating
said second cipher key to the identification application according to the
second mobile communication network,

calculating, in the identification application according to the second mobile
communication network, the authentication response according to the second
mobile communication network in connection with calculating said second
cipher key,

transmitting the authentication response according to the second mobile
communication network calculated at the mobile station to the first mobile
communication network, and

checking said authentication response according to the second mobile
communication network transmitted by the mobile station in the first mobile
communication network.

10. A method as claimed in any one of claims 1 to 7, characterized by

calculating said second cipher key by shortening the first cipher key in the
first mobile communication network and at the mobile station before the
handover to the second mobile communication network takes place.

11. A method as claimed in any one of the preceding claims, characterized by

calculating said second cipher key in response to the fact that a decision
has been made in the first mobile communication network to carry out handover
to the second mobile communication network.

12. A telecommunication system comprising at least a first mobile
communication network arranged to use a first cipher key for ciphering
traffic between a mobile station and a mobile communication network, a second
mobile communication network arranged to use a second cipher key for
ciphering traffic between a mobile station and a mobile communication
network, and a mobile station arranged to support said different first and
second mobile communication networks, characterized in that

the first mobile communication network is arranged to calculate said second
cipher key when the mobile station operates in the first mobile communication
network,

the first mobile communication network is arranged to transmit information
necessary for calculating said second cipher key from the first mobile
communication network to the mobile station when the mobile station operates
in the first mobile communication network, and

the mobile station is arranged to calculate said second cipher key.

13. A telecommunication system as claimed in claim 12, characterized in that

the mobile station and the second mobile communication network are arranged
to cipher the traffic between the mobile station and the second mobile
communication network by using said second cipher key if the mobile station
is handed over from the first mobile communication network to the second
mobile communication network during an active connection.

14. A telecommunication system as claimed in claim 12 or 13, characterized in
that

the first mobile communication network is arranged to transmit said second
cipher key to the second mobile communication network before the handover to
the second mobile communication network,

the mobile station is arranged to transmit said second cipher key calculated
at the mobile station to a ciphering means of the mobile station in response
to the fact that the first mobile communication network transmits a request
to the mobile station for handover to the second mobile communication
network, and

the mobile station and the second mobile communication network are arranged
to use said second cipher key in ciphering traffic after the handover.

15. A telecommunication system as claimed in any one of claims 12
to 14, characterized in that

the first mobile communication network is arranged to check whether
the mobile station supports the second mobile communication network on the
basis of an identifier transmitted by the mobile station, such as an IMSI
and/or a classmark identifier,

the first mobile communication network is arranged to calculate said
second cipher key in response to the fact that the mobile station supports
the second mobile communication network,

the first mobile communication network is arranged to transmit a
request to the mobile station for calculation of said second cipher key,
and

the mobile station is arranged to calculate said second cipher key
on the basis of said request.

16. A telecommunication system as claimed in any one of claims 12
to 15, characterized in that

a network element comprising identifiers transmitted by the mobile
station of the first mobile communication network, such as a visitor
location register or a home location register, is arranged to transmit the
request for calculation of said second cipher key to a network element of
the first mobile communication network, such as an authentication centre,

the network element of the first mobile communication network, such
as the authentication centre, is arranged to calculate said second cipher
key in response to the fact that the network element comprising the
identifiers transmitted by the mobile station requests calculation of said
second cipher key, and

said network element calculating said second cipher key is arranged
to transmit the calculated second cipher key to said network element
comprising the identifiers transmitted by the mobile station.

17. A telecommunication system as claimed in any one of claims 12
to 16, characterized in that

the first mobile communication network is arranged to calculate said
second cipher key in connection with calculation of an authentication
response according to the first mobile communication network and the first
cipher key,

the first mobile communication network is arranged to transmit to
the mobile station information necessary for calculating the first cipher
key and said second cipher key, such as a random-number parameter,

the mobile station comprises an identification application according
to the first mobile communication network, such as a USIM application, and
an identification application according to the second mobile communication
network, such as an SIM application,

the mobile station is arranged to transmit said information
necessary for calculating the first cipher key and said second cipher key
to the identification applications according to the first and the second
mobile communication networks,

said identification application according to the second mobile
communication network is arranged to calculate said second cipher key and
said identification application according to the first mobile
communication network is arranged to calculate the authentication response
according to the first mobile communication network, and

the mobile station is arranged to transmit the authentication
response according to the first mobile communication network to the first
mobile communication network.

18. A telecommunication system as claimed in any one of claims 12
to 16, characterized in that

the first mobile communication network is arranged to determine a
random-number parameter according to the second mobile communication
network and to calculate the authentication response in connection with
calculating said second cipher key,

the first mobile communication network is arranged to transmit a
request to the mobile station for calculating the authentication response
according to the second mobile communication network,

the mobile station comprises an identification application according
to the first mobile communication network, such as a USIM application, and
an identification application according to the second mobile communication
network, such as an SIM application,

the mobile station is arranged to transmit the information necessary
for calculating said second cipher key to the identification application
according to the second mobile communication network,

the identification application according to the second mobile
communication network is arranged to calculate said second cipher key and
the authentication response according to the second mobile communication
network substantially simultaneously,

the mobile station is arranged to transmit the authentication
response according to the second mobile communication network to the first
mobile communication network, and

the second mobile communication network is arranged to check the
authentication response according to the second mobile communication
network.
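
The arrangement of claims 12 to 15 and 17 can be traced in a short simulation, added here as an illustration and not part of the application as filed. It assumes HMAC-SHA256 as a stand-in for the network-specific authentication and key algorithms, one shared subscriber key for both identification applications, and constructed key lengths; all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def _prf(key, label, rand, n):
    # Assumption: HMAC-SHA256 stands in for the network-specific algorithms.
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:n]

class IdentityApp:
    """Identification application for one network type (USIM- or SIM-like)."""
    def __init__(self, key, system, ck_len):
        self.key, self.system, self.ck_len = key, system, ck_len
    def response(self, rand):
        return _prf(self.key, self.system + b"/res", rand, 4)
    def cipher_key(self, rand):
        return _prf(self.key, self.system + b"/ck", rand, self.ck_len)

class FirstNetwork:
    def __init__(self, key):
        self.app1 = IdentityApp(key, b"first", 16)
        self.app2 = IdentityApp(key, b"second", 8)
    def start_authentication(self, supports_second):
        rand = os.urandom(16)
        ctx = {"rand": rand, "xres": self.app1.response(rand),
               "ck1": self.app1.cipher_key(rand)}
        if supports_second:  # claim 15: only for stations supporting both networks
            ctx["ck2"] = self.app2.cipher_key(rand)  # calculated before any handover
        return ctx

class MobileStation:
    def __init__(self, key):
        self.app1 = IdentityApp(key, b"first", 16)
        self.app2 = IdentityApp(key, b"second", 8)
        self.active_key = self.stored_ck2 = None
    def on_challenge(self, rand):
        self.active_key = self.app1.cipher_key(rand)
        self.stored_ck2 = self.app2.cipher_key(rand)  # held until handover
        return self.app1.response(rand)
    def on_handover_request(self):
        self.active_key = self.stored_ck2  # claim 14: load into the ciphering means

def run_handover(key, supports_second=True):
    net1, ms = FirstNetwork(key), MobileStation(key)
    ctx = net1.start_authentication(supports_second)
    authenticated = hmac.compare_digest(ms.on_challenge(ctx["rand"]), ctx["xres"])
    before = ms.active_key
    net2_key = ctx.get("ck2")  # forwarded to the second network before handover
    ms.on_handover_request()
    return {"authenticated": authenticated, "key_before": before,
            "key_after": ms.active_key, "net2_key": net2_key, "ck1": ctx["ck1"]}
```

Because both sides derive the second cipher key from the same random-number parameter during authentication in the first network, ciphering in the second network can start at handover without a further authentication exchange.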